Frida javascript hook 检测设备信息获取等


对 Android 应用进行 hook 常见的有 Xposed、Frida 等,Xposed 有时候可能不尽人意,或许您可以试试 Frida ~

frida -U -f com.primer.gamecerter -l hookStartActivity.js

TODO

  • 后续是否可以对检测数据(堆栈、类名、方法名、参数、返回值)进行收集和统计,数据经过进一步处理后格式化输出更好~
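/**
 * Date: 2024-02-22 12:17:44
 * Author: 村长
 * Purpose: compliance-check hooks. Each enabled check wraps Android framework
 * getters for device or personal data and logs every call (optionally with the
 * Java stack trace), so the code path that triggered the access can be located.
 * The logged values are the test device's real identifiers, so captured output
 * should be handled as sensitive data.
 *
 * Usage:
 *   1. Make sure frida-server is running on the device:
 *        adb shell
 *        su                      (needs a rooted device)
 *        cd data/local/tmp/      (where the frida-server binary is stored)
 *        ./frida-server*** &     (run in the background)
 *        frida -U -f <package name> -l <script path>   (spawn the app with this script injected)
 */

// Global configuration: one switch per check group, plus the stack-trace switch read by log().
var runConfig = {
  "permission": false,
  "startActivity": false,
  "deviceId": true,
  "file": false,
  "ipAddress": false,
  "location": false,
  "other": false,
  "systemProperties": false,
  "packageList": false,
  "enablePrintStackTrace": false,
};

// Entry point: installs the hooks of every check group that runConfig enables.
Java.perform(function x() {
  console.log(" --------- 启动检测 ----------");
  if (runConfig.permission) {
    checkPermission();
  }
  if (runConfig.startActivity) {
    checkStartActivity();
  }
  if (runConfig.deviceId) {
    checkAndroidId();
    checkIMEI();
    checkOtherId();
  }
  if (runConfig.file) {
    checkExternalFileRW();
  }
  if (runConfig.ipAddress) {
    checkIPAddress();
  }
  if (runConfig.location) {
    checkLocation();
  }
  if (runConfig.other) {
    checkOther();
  }
  if (runConfig.systemProperties) {
    checkSystemProperties();
  }
  if (runConfig.packageList) {
    checkPackageList();
  }
  // Printed once the hooks are installed; the hooks keep reporting whenever the app calls them.
  console.log(" --------- 结束检测 ----------");
});

/**
 * Prints the Java stack trace of the current call when
 * runConfig.enablePrintStackTrace is set; does nothing otherwise.
 */
function log() {
  if (runConfig.enablePrintStackTrace) {
    const Throwable = Java.use("java.lang.Throwable");
    const AndroidLog = Java.use("android.util.Log");
    console.log(AndroidLog.getStackTraceString(Throwable.$new()));
  }
}

/**
 * Logs calls that enumerate or look up installed packages
 * (getInstalledPackages, getPackageInfo, getLaunchIntentForPackage).
 * Each hook forwards to the original method and returns its result unchanged.
 */
function checkPackageList() {
  console.log("----------- 应用安装列表检查 -----------");
  const ApplicationPackageManager = Java.use("android.app.ApplicationPackageManager");

  // NOTE(review): assigned without .overload(...); Frida rejects that when the method has more
  // than one overload on the running Android version. Confirm on the target API level.
  ApplicationPackageManager.getInstalledPackages.implementation = function (flags) {
    const list = this.getInstalledPackages(flags);
    console.log("ApplicationPackageManager 获取安装列表 " + list);
    log();
    return list;
  };

  ApplicationPackageManager.getPackageInfo.overload('java.lang.String', 'int').implementation = function (pkg, flags) {
    const info = this.getPackageInfo(pkg, flags);
    console.log("ApplicationPackageManager 获取包名信息 " + info);
    log();
    return info;
  };

  ApplicationPackageManager.getPackageInfo.overload('android.content.pm.VersionedPackage', 'int').implementation = function (pkg, flags) {
    const info = this.getPackageInfo(pkg, flags);
    console.log("ApplicationPackageManager 获取包名信息 " + info);
    log();
    return info;
  };

  ApplicationPackageManager.getLaunchIntentForPackage.implementation = function (pkg) {
    const intent = this.getLaunchIntentForPackage(pkg);
    console.log("ApplicationPackageManager 获取启动 intent: " + intent);
    log();
    return intent;
  };
}

/**
 * Logs every android.os.SystemProperties.get lookup with its key and the value
 * returned (and the caller's default, for the two-argument overload).
 */
function checkSystemProperties() {
  console.log("----------- 系统属性检查 -----------");
  const SystemProperties = Java.use("android.os.SystemProperties");

  SystemProperties.get.overload('java.lang.String').implementation = function (key) {
    const val = this.get(key);
    console.log("SystemProperties 获取系统属性 " + key + " -> " + val);
    log();
    return val;
  };

  SystemProperties.get.overload('java.lang.String', 'java.lang.String').implementation = function (key, def) {
    const val = this.get(key, def);
    console.log("SystemProperties 获取系统属性 " + key + " -> " + val + " " + def);
    log();
    return val;
  };
}

/**
 * Logs clipboard reads (getPrimaryClip, getPrimaryClipDescription) and
 * active-network queries (getActiveNetworkInfo).
 * The clipboard messages name the clipboard, so a clipboard read is not
 * reported as an SMS read in the audit output.
 */
function checkOther() {
  console.log("----------- 剪切板检查 -----------");
  const ClipboardManager = Java.use("android.content.ClipboardManager");

  ClipboardManager.getPrimaryClip.implementation = function () {
    const val = this.getPrimaryClip();
    console.log("ClipboardManager 获取剪切板内容 " + val);
    log();
    return val;
  };

  ClipboardManager.getPrimaryClipDescription.implementation = function () {
    const val = this.getPrimaryClipDescription();
    console.log("ClipboardManager 获取剪切板描述 " + val);
    log();
    return val;
  };

  console.log("----------- 网络信息检查 -----------");
  const ConnectivityManager = Java.use("android.net.ConnectivityManager");

  ConnectivityManager.getActiveNetworkInfo.implementation = function () {
    const val = this.getActiveNetworkInfo();
    console.log("ConnectivityManager 获取网络信息 " + val);
    log();
    return val;
  };
}

/**
 * Incomplete: the content URI still has to be parsed to tell which kind of data is being queried.
 */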
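/**
 * Hooks the three ContentResolver.query overloads listed below and logs the
 * queried URI together with the returned cursor. No runConfig switch enables
 * this check, so it only runs if a call is added by hand.
 * The URI is printed because a query on its own does not say which provider
 * (SMS, contacts, ...) is being read.
 */
function checkContentResolve() {
  const ContentResolver = Java.use("android.content.ContentResolver");

  ContentResolver.query.overload('android.net.Uri', '[Ljava.lang.String;', 'android.os.Bundle', 'android.os.CancellationSignal').implementation = function (uri, strs, bundle, signal) {
    const val = this.query(uri, strs, bundle, signal);
    console.log("ContentResolver 1 查询 uri = " + uri + " -> " + val);
    log();
    return val;
  };

  ContentResolver.query.overload('android.net.Uri', '[Ljava.lang.String;', 'java.lang.String', '[Ljava.lang.String;', 'java.lang.String').implementation = function (uri, strs, str1, strs2, str3) {
    const val = this.query(uri, strs, str1, strs2, str3);
    console.log("ContentResolver 2 查询 uri = " + uri + " -> " + val);
    log();
    return val;
  };

  ContentResolver.query.overload('android.net.Uri', '[Ljava.lang.String;', 'java.lang.String', '[Ljava.lang.String;', 'java.lang.String', 'android.os.CancellationSignal').implementation = function (uri, strs1, str2, strs3, str4, signal) {
    const val = this.query(uri, strs1, str2, strs3, str4, signal);
    console.log("ContentResolver 3 查询 uri = " + uri + " -> " + val);
    log();
    return val;
  };
}

/**
 * Logs location reads through LocationManager.getLastLocation() and
 * getLastKnownLocation(String).
 */
function checkLocation() {
  console.log("----------- 定位检查 -----------");
  const LocationManager = Java.use("android.location.LocationManager");

  // Presumably getLastLocation() is not available on every Android version (TODO confirm);
  // a failure here is reported and must not stop the remaining hooks from being installed.
  try {
    LocationManager.getLastLocation.implementation = function () {
      const location = this.getLastLocation();
      console.log("LocationManager 获取定位 " + location);
      log();
      return location;
    };
  } catch (e) {
    console.log("LocationManager.getLastLocation 无法 hook,已跳过: " + e);
  }

  // getLastKnownLocation takes the provider name; the hook has to accept it and pass it on,
  // otherwise the forwarded call matches no Java signature.
  LocationManager.getLastKnownLocation.overload('java.lang.String').implementation = function (provider) {
    const location = this.getLastKnownLocation(provider);
    console.log("LocationManager 获取定位 " + location);
    log();
    return location;
  };
}

/**
 * Logs IP address reads through NetworkInterface.getInterfaceAddresses and
 * Inet4Address / Inet6Address.getHostAddress.
 */
function checkIPAddress() {
  console.log("----------- IP 地址检查 -----------");
  const NetworkInterface = Java.use("java.net.NetworkInterface");
  NetworkInterface.getInterfaceAddresses.implementation = function () {
    const addressList = this.getInterfaceAddresses();
    console.log("NetworkInterface 获取 IP 地址 " + addressList);
    log();
    return addressList;
  };

  const Inet4Address = Java.use("java.net.Inet4Address");
  Inet4Address.getHostAddress.implementation = function () {
    const address = this.getHostAddress();
    console.log("Inet4Address 获取主机地址 " + address);
    log();
    return address;
  };

  const Inet6Address = Java.use("java.net.Inet6Address");
  Inet6Address.getHostAddress.implementation = function () {
    const address = this.getHostAddress();
    console.log("Inet6Address 获取主机地址 " + address);
    log();
    return address;
  };
}

/**
 * Logs lookups of external storage locations through ContextImpl
 * (files, media and cache directories) and Environment.getExternalStorageDirectory.
 */
function checkExternalFileRW() {
  console.log("----------- 外部文件读写检查 -----------");
  const ContextImpl = Java.use("android.app.ContextImpl");

  ContextImpl.getExternalFilesDirs.implementation = function (type) {
    const files = this.getExternalFilesDirs(type);
    console.log("ContextImpl 获取外部文件目录 " + type);
    log();
    return files;
  };

  ContextImpl.getExternalMediaDirs.implementation = function () {
    const files = this.getExternalMediaDirs();
    console.log("ContextImpl 获取媒体文件目录");
    log();
    return files;
  };

  ContextImpl.getExternalCacheDirs.implementation = function () {
    const files = this.getExternalCacheDirs();
    console.log("ContextImpl 获取缓存目录");
    log();
    return files;
  };

  const Environment = Java.use("android.os.Environment");
  Environment.getExternalStorageDirectory.implementation = function () {
    const file = this.getExternalStorageDirectory();
    // The message names Environment, the class that is actually hooked here.
    console.log("Environment 获取外部存储目录");
    log();
    return file;
  };
}

/**
 * Logs TelephonyManager device-id reads: getDeviceId, getMeid and getImei,
 * each in its no-argument and slot-index overload.
 */
function checkIMEI() {
  console.log("----------- imei 检查 -----------");
  const TelephonyManager = Java.use("android.telephony.TelephonyManager");

  // getDeviceId
  TelephonyManager.getDeviceId.overload("int").implementation = function (slotIndex) {
    const imei = this.getDeviceId(slotIndex);
    console.log("TelephonyManager 获取 IMEI getDeviceId slotIndex = " + slotIndex + "  iemi = " + imei);
    log();
    return imei;
  };
  TelephonyManager.getDeviceId.overload().implementation = function () {
    const imei = this.getDeviceId();
    console.log("TelephonyManager 获取 getDeviceId IMEI = " + imei);
    log();
    return imei;
  };

  // getMeid
  TelephonyManager.getMeid.overload("int").implementation = function (slotIndex) {
    const meid = this.getMeid(slotIndex);
    console.log("TelephonyManager 获取 IMEI getMeid slotIndex = " + slotIndex + "  iemi = " + meid);
    log();
    return meid;
  };
  TelephonyManager.getMeid.overload().implementation = function () {
    const meid = this.getMeid();
    console.log("TelephonyManager 获取 getMeid IMEI = " + meid);
    log();
    return meid;
  };

  // getImei
  TelephonyManager.getImei.overload("int").implementation = function (slotIndex) {
    const imei = this.getImei(slotIndex);
    console.log("TelephonyManager 获取 IMEI getImei slotIndex = " + slotIndex + "  iemi = " + imei);
    log();
    return imei;
  };
  TelephonyManager.getImei.overload().implementation = function () {
    const imei = this.getImei();
    console.log("TelephonyManager 获取 getImei IMEI = " + imei);
    log();
    return imei;
  };
}

/**
 * Logs reads of the remaining identifiers: MAC address, Wi-Fi SSID, OAID
 * (via the supplier classes in OAID_LIST), IMSI and the hardware serial number.
 */
function checkOtherId() {
  console.log("----------- mac 检查 -----------");
  const NetworkInterface = Java.use("java.net.NetworkInterface");
  NetworkInterface.getHardwareAddress.implementation = function () {
    const mac = this.getHardwareAddress();
    console.log("NetworkInterface 获取 MAC = " + mac);
    log();
    return mac;
  };

  const WifiInfo = Java.use("android.net.wifi.WifiInfo");
  WifiInfo.getMacAddress.implementation = function () {
    const mac = this.getMacAddress();
    console.log("WifiInfo 获取 MAC = " + mac);
    log();
    return mac;
  };

  console.log("----------- SSID 检查 -----------");
  WifiInfo.getSSID.implementation = function () {
    const ssid = this.getSSID();
    console.log("WifiInfo 获取 ssid = " + ssid);
    log();
    return ssid;
  };

  console.log("----------- oaid 检查 -----------");
  const OAID_LIST = [
    "com.bun.supplier.IdSupplier",
    "com.bun.miitmdid.provider.DefaultProvider",
    "com.bun.miitmdid.supplier.IdSupplier",
    "com.bun.miitmdid.interfaces.IdSupplier",
  ];
  for (const className of OAID_LIST) {
    try {
      const supplier = Java.use(className);
      supplier.getOAID.implementation = function () {
        const result = this.getOAID();
        console.log('获取 oaid   = ' + result);
        log();
        return result;
      };
    } catch (e) {
      // Best effort, as in the original: a class from the list that cannot be hooked
      // in the target app is skipped without a message.
    }
  }

  console.log("----------- IMSI 检查 -----------");
  const TelephonyManager = Java.use("android.telephony.TelephonyManager");
  TelephonyManager.getSubscriberId.overload().implementation = function () {
    const imsi = this.getSubscriberId();
    console.log("TelephonyManager 获取 imsi = " + imsi);
    log();
    return imsi;
  };
  TelephonyManager.getSubscriberId.overload('int').implementation = function (index) {
    const imsi = this.getSubscriberId(index);
    console.log("TelephonyManager 获取 1 imsi = " + imsi);
    log();
    return imsi;
  };

  console.log("----------- SN 检查 -----------");
  const Build = Java.use("android.os.Build");
  Build.getSerial.implementation = function () {
    const sn = this.getSerial();
    // The message names Build, the class that is actually hooked here.
    console.log("Build 获取 sn = " + sn);
    log();
    return sn;
  };
}

/**
 * Logs every Settings.Secure.getString / getStringForUser and
 * Settings.System.getStringForUser lookup, and prints the stack trace (via log())
 * only when the requested key is "android_id".
 */
function checkAndroidId() {
  console.log("----------- android id检查 -----------");
  const ANDROID_ID = "android_id";

  const Secure = Java.use("android.provider.Settings$Secure");
  Secure.getString.implementation = function (resolver, name) {
    const result = this.getString(resolver, name);
    console.log("getString  name = " + name + " val =" + result);
    if (name === ANDROID_ID) {
      console.log("getString 获取 androidID");
      log();
    }
    return result;
  };
  Secure.getStringForUser.implementation = function (resolver, name, userHandle) {
    const result = this.getStringForUser(resolver, name, userHandle);
    console.log("getStringForUser  name = " + name + " val =" + result);
    if (name === ANDROID_ID) {
      console.log("Secure getStringForUser 获取 androidID");
      log();
    }
    return result;
  };

  const SettingsSystem = Java.use("android.provider.Settings$System");
  SettingsSystem.getStringForUser.implementation = function (resolver, name, userHandle) {
    const result = this.getStringForUser(resolver, name, userHandle);
    console.log("System getStringForUser  name = " + name + " val =" + result);
    if (name === ANDROID_ID) {
      console.log("System getStringForUser 获取 androidID");
      log();
    }
    return result;
  };
}

/**
 * Logs runtime permission requests made through android.app.Activity,
 * android.app.Fragment and androidx.fragment.app.Fragment, then forwards them.
 */
function checkPermission() {
  console.log("----------- 权限检查 -----------");
  const Activity = Java.use("android.app.Activity");
  Activity.requestPermissions.overload("[Ljava.lang.String;", "int").implementation = function (permissions, requestCode) {
    console.log("requestPermissions 2 requestCode = " + requestCode + "  permissions = " + permissions);
    log();
    this.requestPermissions(permissions, requestCode);
  };

  const Fragment = Java.use("android.app.Fragment");
  Fragment.requestPermissions.implementation = function (permissions, code) {
    console.log('权限申请  android permissions = ' + permissions + "  code = " + code);
    log();
    this.requestPermissions(permissions, code);
  };

  // An app that does not bundle androidx has no such class and Java.use throws;
  // report it and keep the hooks installed so far instead of aborting the script.
  try {
    const FragmentX = Java.use("androidx.fragment.app.Fragment");
    FragmentX.requestPermissions.implementation = function (permissions, code) {
      console.log('权限申请 androidx permissions = ' + permissions + "  code = " + code);
      log();
      this.requestPermissions(permissions, code);
    };
  } catch (e) {
    console.log("androidx.fragment.app.Fragment 无法 hook,已跳过: " + e);
  }
}

/**
 * Logs the package of an intent and retargets it when it points at
 * com.xiaomi.market.
 * This is a side effect beyond logging: with the startActivity check enabled,
 * such an intent is sent to com.heytap.market instead, so the app no longer
 * behaves exactly as in an uninstrumented run.
 */
function rewriteMarketPackage(intent) {
  const pkg = intent.getPackage();
  console.log('pkg = ' + pkg);
  // `pkg != null` covers both null and undefined; the original compared against an
  // undefined identifier (NULL), which threw for every intent with an explicit package.
  if (pkg != null && String(pkg) === 'com.xiaomi.market') {
    intent.setPackage('com.heytap.market');
  }
}

/**
 * Logs activity launches by hooking three Instrumentation.execStartActivity
 * overloads and Instrumentation.checkStartActivityResult. Each hook forwards to
 * the original method with the arguments it received.
 */
function checkStartActivity() {
  console.log("----------- startActivity 检查 -----------");
  const Instrumentation = Java.use('android.app.Instrumentation');

  Instrumentation.execStartActivity.overload(
    'android.content.Context',
    'android.os.IBinder',
    'android.os.IBinder',
    'android.app.Activity',
    'android.content.Intent',
    'int',
    'android.os.Bundle'
  ).implementation = function (who, contextThread, token, target, intent, requestCode, options) {
    console.log('【当前应用 1   Instrumentation】 启动 execStartActivity  intent = ' + intent);
    rewriteMarketPackage(intent);
    log();
    return this.execStartActivity(who, contextThread, token, target, intent, requestCode, options);
  };

  Instrumentation.execStartActivity.overload(
    'android.content.Context',
    'android.os.IBinder',
    'android.os.IBinder',
    "java.lang.String",
    'android.content.Intent',
    'int',
    'android.os.Bundle'
  ).implementation = function (who, contextThread, token, target, intent, requestCode, options) {
    console.log('【当前应用 2   Instrumentation】 启动 execStartActivity  intent = ' + intent);
    rewriteMarketPackage(intent);
    log();
    return this.execStartActivity(who, contextThread, token, target, intent, requestCode, options);
  };

  Instrumentation.execStartActivity.overload(
    'android.content.Context',
    'android.os.IBinder',
    'android.os.IBinder',
    "java.lang.String",
    'android.content.Intent',
    'int',
    'android.os.Bundle',
    "android.os.UserHandle"
  ).implementation = function (who, contextThread, token, resultWho, intent, requestCode, options, user) {
    console.log('【当前应用 3   Instrumentation】 启动 execStartActivity  intent = ' + intent);
    rewriteMarketPackage(intent);
    log();
    return this.execStartActivity(who, contextThread, token, resultWho, intent, requestCode, options, user);
  };

  Instrumentation.checkStartActivityResult.implementation = function (res, intent) {
    console.log('【checkStartActivityResult 启动  intent = ' + intent);
    log();
    return this.checkStartActivityResult(res, intent);
  };
}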
